diff options
Diffstat (limited to 'iptables/tests/shell/run-tests.sh')
-rwxr-xr-x | iptables/tests/shell/run-tests.sh | 73 |
1 files changed, 71 insertions, 2 deletions
diff --git a/iptables/tests/shell/run-tests.sh b/iptables/tests/shell/run-tests.sh index d71c1372..11256905 100755 --- a/iptables/tests/shell/run-tests.sh +++ b/iptables/tests/shell/run-tests.sh @@ -4,9 +4,23 @@ TESTDIR="./$(dirname $0)/" RETURNCODE_SEPARATOR="_" +usage() { + cat <<EOF +Usage: $(basename $0) [-v|--verbose] [-H|--host] [-V|--valgrind] + [[-l|--legacy]|[-n|--nft]] [testscript ...] + +-v | --verbose Enable verbose mode (do not drop testscript output). +-H | --host Run tests against installed binaries in \$PATH, + not those built in this source tree. +-V | --valgrind Enable leak checking via valgrind. +-l | --legacy Test legacy variant only. Conflicts with --nft. +-n | --nft Test nft variant only. Conflicts with --legacy. +testscript Run only specific test(s). Implies --verbose. +EOF +} + msg_error() { echo "E: $1 ..." >&2 - exit 1 } msg_warn() { @@ -19,10 +33,12 @@ msg_info() { if [ "$(id -u)" != "0" ] ; then msg_error "this requires root!" + exit 77 fi if [ ! -d "$TESTDIR" ] ; then msg_error "missing testdir $TESTDIR" + exit 99 fi # support matching repeated pattern in SINGLE check below @@ -46,6 +62,14 @@ while [ -n "$1" ]; do NFT_ONLY=y shift ;; + -V|--valgrind) + VALGRIND=y + shift + ;; + -h|--help) + usage + exit 0 + ;; *${RETURNCODE_SEPARATOR}+([0-9])) SINGLE+=" $1" VERBOSE=y @@ -53,6 +77,7 @@ while [ -n "$1" ]; do ;; *) msg_error "unknown parameter '$1'" + exit 99 ;; esac done @@ -67,6 +92,50 @@ else XTABLES_LEGACY_MULTI="xtables-legacy-multi" fi +printscript() { # (cmd, tmpd) + cat <<EOF +#!/bin/bash + +CMD="$1" + +# note: valgrind man page warns about --log-file with --trace-children, the +# last child executed overwrites previous reports unless %p or %q is used. +# Since libtool wrapper calls exec but none of the iptables tools do, this is +# perfect for us as it effectively hides bash-related errors + +valgrind --log-file=$2/valgrind.log --trace-children=yes \ + --leak-check=full --show-leak-kinds=all \$CMD "\$@" +RC=\$? + +# don't keep uninteresting logs +if grep -q 'no leaks are possible' $2/valgrind.log; then + rm $2/valgrind.log +else + mv $2/valgrind.log $2/valgrind_\$\$.log +fi + +# drop logs for failing commands for now +[ \$RC -eq 0 ] || rm $2/valgrind_\$\$.log + +exit \$RC +EOF +} + +if [ "$VALGRIND" == "y" ]; then + tmpd=$(mktemp -d) + msg_info "writing valgrind logs to $tmpd" + # let nobody write logs, too (././testcases/iptables/0008-unprivileged_0) + chmod 777 $tmpd + printscript "$XTABLES_NFT_MULTI" "$tmpd" >${tmpd}/xtables-nft-multi + printscript "$XTABLES_LEGACY_MULTI" "$tmpd" >${tmpd}/xtables-legacy-multi + trap "rm ${tmpd}/xtables-*-multi" EXIT + chmod a+x ${tmpd}/xtables-nft-multi ${tmpd}/xtables-legacy-multi + + XTABLES_NFT_MULTI="${tmpd}/xtables-nft-multi" + XTABLES_LEGACY_MULTI="${tmpd}/xtables-legacy-multi" + +fi + find_tests() { if [ ! -z "$SINGLE" ] ; then echo $SINGLE @@ -129,4 +198,4 @@ failed=$((legacy_fail+failed)) msg_info "combined results: [OK] $ok [FAILED] $failed [TOTAL] $((ok+failed))" -exit 0 +exit -$failed |